Improvements to RunWithHttpsDevCert extensions

samples/Directory.Build.targets

@@ -0,0 +1,10 @@
+<Project>
+  <Target Name="EmbedAppHostIntermediateOutputPath" BeforeTargets="GetAssemblyAttributes">
+    <ItemGroup>
+      <AssemblyAttribute Include="System.Reflection.AssemblyMetadataAttribute">
+        <_Parameter1>apphostprojectbaseintermediateoutputpath</_Parameter1>
+        <_Parameter2>$(BaseIntermediateOutputPath)</_Parameter2>
+      </AssemblyAttribute>
+    </ItemGroup>
+  </Target>
+</Project>

samples/Shared/DevCertHostingExtensions.cs

@@ -1,4 +1,5 @@
 using System.Diagnostics;
+using System.Reflection;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
@@ -73,13 +74,10 @@ public static IResourceBuilder<TResource> RunWithHttpsDevCertificate<TResource>(
 
     private static async Task<(bool, string CertFilePath, string CertKeyFilPath)> TryExportDevCertificateAsync(IDistributedApplicationBuilder builder, ILogger logger)
     {
-        // Exports the ASP.NET Core HTTPS development certificate & private key to PEM files using 'dotnet dev-certs https' to a temporary
-        // directory and returns the path.
-        // TODO: Check if we're running on a platform that already has the cert and key exported to a file (e.g. macOS) and just use those instead.
-        var appNameHash = builder.Configuration["AppHost:Sha256"]![..10];
-        var tempDir = Path.Combine(Path.GetTempPath(), $"aspire.{appNameHash}");
-        var certExportPath = Path.Combine(tempDir, "dev-cert.pem");
-        var certKeyExportPath = Path.Combine(tempDir, "dev-cert.key");
+        // Exports the ASP.NET Core HTTPS development certificate & private key to PEM files using 'dotnet dev-certs https' to a directory and returns the path.
+        var certDir = GetOrCreateAppHostCertDirectory(builder);
+        var certExportPath = Path.Combine(certDir, "dev-cert.pem");
+        var certKeyExportPath = Path.Combine(certDir, "dev-cert.key");
 
         if (File.Exists(certExportPath) && File.Exists(certKeyExportPath))
         {
@@ -100,10 +98,10 @@ public static IResourceBuilder<TResource> RunWithHttpsDevCertificate<TResource>(
             File.Delete(certKeyExportPath);
         }
 
-        if (!Directory.Exists(tempDir))
+        if (!Directory.Exists(certDir))
         {
-            logger.LogTrace("Creating directory to export dev cert to '{ExportDir}'", tempDir);
-            Directory.CreateDirectory(tempDir);
+            logger.LogTrace("Creating directory to export dev cert to '{ExportDir}'", certDir);
+            Directory.CreateDirectory(certDir);
         }
 
         string[] args = ["dev-certs", "https", "--export-path", $"\"{certExportPath}\"", "--format", "Pem", "--no-password"];
@@ -182,4 +180,56 @@ static async Task ConsumeOutput(TextReader reader, Action<string> callback)
             }
         }
     }
+
+    private static string GetOrCreateAppHostCertDirectory(IDistributedApplicationBuilder builder)
+    {
+        // TODO: Check if we're running on a platform that already has the cert and key exported to a file (e.g. macOS) and just use those instead.
+        // macOS: Path.Combine(
+        //          Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".aspnet", "dev-certs", "https"),
+        //          "aspnetcore-localhost-{certificate.Thumbprint}.pfx");
+        // linux: CurrentUser/Root store
+
+        // Create a directory in the project's /obj dir or TMP to store the exported certificate and key
+        var assemblyMetadata = builder.AppHostAssembly?.GetCustomAttributes<AssemblyMetadataAttribute>();
+        var projectDir = GetMetadataValue(assemblyMetadata, "AppHostProjectPath");
+        var objDir = GetMetadataValue(assemblyMetadata, "AppHostProjectBaseIntermediateOutputPath");
+        var dirPath = projectDir is not null && objDir is not null
+            ? Path.Combine(projectDir, objDir, "aspire")
+            : Directory.CreateTempSubdirectory(GetAppHostSpecificTempDirPrefix(builder)).FullName;
+
+        if (!Directory.Exists(dirPath))
+        {
+            // Create the directory
+            Directory.CreateDirectory(dirPath);
+        }
+
+        return dirPath;
+    }
+
+    private static string? GetMetadataValue(IEnumerable<AssemblyMetadataAttribute>? assemblyMetadata, string key) =>
+        assemblyMetadata?.FirstOrDefault(a => string.Equals(a.Key, key, StringComparison.OrdinalIgnoreCase))?.Value;
+
+    private static string GetAppHostSpecificTempDirPrefix(IDistributedApplicationBuilder builder)
+    {
+        var appName = Sanitize(builder.Environment.ApplicationName).ToLowerInvariant();
+        var appNameHash = builder.Configuration["AppHost:Sha256"]![..10].ToLowerInvariant();
+        return $"aspire.{appName}.{appNameHash}";
+    }
+
+    private static readonly char[] _invalidPathChars = Path.GetInvalidPathChars();
+
+    private static string Sanitize(string name)
+    {
+        return string.Create(name.Length, name, static (s, name) =>
+        {
+            var nameSpan = name.AsSpan();
+
+            for (var i = 0; i < nameSpan.Length; i++)
+            {
+                var c = nameSpan[i];
+
+                s[i] = Array.IndexOf(_invalidPathChars, c) == -1 ? c : '_';
+            }
+        });
+    }
 }